Method and system for secure pervasive access



Technical Field

The present invention relates to a method and system for
controlling access from different Pervasive Computing Devices
(PVC-devices) to applications installed on or accessible via a
server.

Background of the invention 

PVC-devices, e.g. personal digital assistants, mobile phones,
chipcards etc., are frequently used to gather information or to
use business transaction applications stored on a server, e.g.
an application for electronic payments or an application for
electronic shopping.

Wireless PVC-devices like personal digital assistants and mobile
phones communicate via a gateway and the Internet with a server which
offers access to Web pages or business transaction applications.
Other PVC-devices like chipcards may use a LAN, an Intranet or the
Internet to communicate with said server.

A main problem of communication between different PVC-devices
and the business transaction applications is security.
Normally each business transaction application may use its own
security requirements depending on the type of PVC-device, the
type of user and the type of communication.

Security requirements may consist of an authentication level, a
confidentiality level and an endorsement level. PVC-devices can
establish a certain authentication level by performing an
appropriate authentication protocol, a certain level of
confidentiality by employing appropriate encryption to secure
communication with the server, and a certain level of
endorsement.

Today, to the applicant's knowledge, no secure, integrated solution
for security based access control from various PVC-devices to
applications/functions on a server exists. Applications are
mostly developed to support a few devices. Security requirements
and authentication code are mostly buried in the application
code.

In current PVC-applications, it is difficult to add support for
additional PVC-devices and authentication mechanisms. In most
cases, applications allow for at most one authentication
mechanism, mostly coupled with the application itself.

It is therefore the object of the present invention to provide a 
system and method for a security based access control from 
various PVC-devices to applications which is independent from 
any client or application. 

This object is solved by the features of the independent claims. 
Preferred embodiments of the present invention are laid down in 
the dependent claims. 

Summary of the invention 

The present invention relates to a client-server system having a
security system for controlling access to application functions.
The security system, separated from the clients and the
application functions, routes all incoming requests created by
various PVC-devices to a centralized security system providing
an authentication component and a security component. The
authentication component provides several authentication
mechanisms which may be selected by information contained in the
client's request. The authentication mechanism may be changed or
extended without changing conditions on the client as well as on
the server or application side. The security component provides
a security policy describing security requirements for accessing
application functions which may be invoked by the security
component. If the selected authentication mechanism succeeds and
fulfills the security policy associated to that application
function then the application function will be invoked by the
security component.

In a preferred embodiment, the present invention provides a
session object for each PVC-device that communicates with the
server. One of the session object's attributes is a security
state. The security state at least indicates the level of
security of authentication and/or the level of confidentiality
of communication with the PVC-device. The server has a security
policy that determines which application function may be
invoked at what security level. Application functions on a
server can only be invoked via the Secure Pervasive Access
Framework (SPAF). For each request to invoke an application
function, SPAF checks whether the security state of the client
device satisfies the access conditions defined in the security
policy for that application function; only if this is the case,
SPAF invokes the requested application function.

Preferably all incoming requests are routed through the Device 
Adaptation Layer. This layer includes different kinds of 
gateways that convert device specific requests to a canonical 
form, i.e. HTTP requests that carry information about the device 
type and the desired reply content type, e.g. HTML, WML or VXML. 
Examples of such gateways are voice gateways with a VXML browser 
that recognizes speech and generates HTTP requests that carry 
text and selected options or a WAP gateway that connects the WAP 
protocol stack to the Internet protocol stack. 

SPAF checks all incoming requests and invokes application
functions according to the associated security policies, which
may be stored in a special database, for example. The security
policies may be very different, for example one non-sensitive
application may only have functions that are accessible to
everybody, while another application may have certain functions
that may only be performed by clients that have been
authenticated by the security module using a cryptographic
protocol.

Calls of application functions by SPAF result in execution of
application logic, maybe including access to databases or legacy
systems in the background, and some output that must be delivered
to the user. All information to be displayed is prepared by the
application logic and passed to the content delivery module. The
content delivery module renders this information into content
that depends on the device type and desired reply content type.

Brief Description of the Drawings 

The present invention will be better understood and its numerous
objects and advantages will become more apparent to those
skilled in the art by reference to the following drawings, in
conjunction with the accompanying specification, in which

FIG. 1 shows a communication architecture in which the
present invention may be used

FIG. 2 shows the secure pervasive access architecture as used
by the present invention

FIG. 3 shows authentication and access via secure pervasive
access as used by the present invention

FIG. 4 shows the basic method steps of the present invention

FIG. 5 shows the method of the delivery module as preferably
used by the present invention

FIG. 6 shows the method of the PVC-Proxy as preferably used
by the present invention

Detailed description of the preferred embodiment 

Before going into details of specific embodiments, it will be 
helpful to understand from a more general perspective the 
various elements and methods which may be related to the present 
invention. 

An important feature of the present invention is the Secure
Pervasive Access Framework (SPAF). SPAF builds the interface to
various components of the invention. It receives the requests
from the different PVC-devices, checks the security state of the
respective PVC-device and gives access to the requested
functions/applications if the access conditions defined by the
security policy are fulfilled. The security state of the
respective PVC-device may be checked by dedicated programs, e.g.
plug-ins, using authentication mechanisms like password/user ID,
challenge response, digital signature and so on. These plug-ins
are totally independent from any application/function to be
accessed. Access to an application/function will be exclusively
controlled by the SPAF via the security policy. The security level
of a certain application/function may be changed without
changing the application function to be accessed. The application
logic itself remains unchanged. This is an important advantage
of the present invention.

Another feature of the present invention, which may be used
optionally, is the Device Adaptation Layer (DAL).

It receives device specific requests and generates a canonical
form which is able to specify information about the device type
and the desired reply content. The information contained in the
canonical request is used for executing the respective
authentication mechanism by using the appropriate plug-in. The
DAL is able to support any protocol, e.g. HTTPS and WAP.



FIG. 1 provides a view of a communication architecture in which
the present invention may preferably be used.

Currently many PVC-devices (6) are available on the market. The
best-known PVC-devices are personal digital assistants, mobile
phones or WAP phones and chipcards.

One server (2) hosts application functions (1) which may be
accessed from different PVC-devices (6) with different levels of
authentication and different levels of confidentiality of
exchanged data. The other server hosts a PVC-Proxy (3), the
Voice Gateway (4) and the WAP Gateway (5).

The PVC-Proxy (3) allows to establish connections to different
kinds of PVC-devices (6) and maintains session information
(cookies) and device type information for these connections.
Connections to clients can be established directly or via the
Voice Gateway (4) or WAP Gateway (5). Each incoming request is
augmented by the session and device type information before
forwarding it to its destination.

The Voice Gateway (4) includes speech recognition and speech
synthesis. It converts voice input from a telephone to HTTP
requests and responses containing VXML-like content back to
voice.

The WAP Gateway (5) forwards WAP requests as HTTP requests to a
server and returns the HTTP responses to devices as WAP
responses.

Which content representation has to be used for a particular
request is determined by the device info that comes with each
request. Which session info has to be used is determined by the
cookie information that is contained in each request. Setting
the cookie information and the device info to appropriate values
is the responsibility of the PVC-Proxy.

Printed: 17-11-2000, 26-05-2000, EP00111338.0, DE9-2000-DESC, - 7 -



FIG. 2 provides a drawing of a preferred implementation of a secure
pervasive access architecture.

The secure pervasive access architecture preferably comprises the
following components:

a Device Adaptation Layer (DAL; 26) as gateway for the different
PVC-devices (20)

an authentication component (27) comprising one or more security
plug-ins (SP; 28) for executing authentication mechanisms

a Secure Pervasive Access Framework (SPAF; 29)

a security policy (30) which is preferably laid down in a
database (31) accessible by the server

several access protected application functions (32) located on
the server or on a database (33) accessible by the server

The communication structure between these components is as
follows: The single PVC-device (20) generates a device specific
request and sends it to the DAL (26). Requests are routed
through the DAL. Preferably the DAL includes different kinds of
gateways that convert device specific requests into a canonical
form, e.g. HTTP requests that include information about device
type and desired reply content type, e.g. HTML, WML or VXML.
The appropriate security plug-in (28) is selected based on the
information contained in the request and the authentication
mechanism as laid down in the selected security plug-in (28)
will be executed. The result of the authentication for the PVC-
device, called security state, is stored in a non-volatile memory
of the server. Then, the SPAF (29) compares the security state
of a PVC-device with the associated security policy (30) for
that application function (32) and invokes application function
(32) according to the security policy. The security policy (30)
comprises a correlation of security levels to defined
user-actions for accessing application functions. For example,
the security policy may be implemented in a table in which each
application function could have one or more correlations of
security level to defined user-actions of that
application function. The security policy may be different
depending on the type of information to be accessed or the type of
PVC-device. For example one non-sensitive application function
may only have functions accessible to everybody, while another
application function may have functions that may only be
performed by PVC-devices that have been authenticated by the
security plug-ins or security modules using a cryptographic
protocol. The security policy may be stored in a special
database.

SPAF compares the security state delivered by the security plug-in
with the security policy associated with the respective application
function. If the security state of the PVC-device satisfies the
access conditions defined by the security policy the SPAF
invokes the requested application function.

FIG. 3 provides a drawing showing authentication and access via
secure pervasive access.

PVC-devices (34) like mobile phones, personal digital assistants or
chipcards generate a device specific request and send that
request to the DAF (39). If a conversion is required the DAF
converts the device specific request into a canonical request
including a cookie. A cookie contains a packet of information
which the server sends to the DAF or the PVC-device to be sent back
by the DAF or PVC-device every time it reconnects with that
server. Cookies are mainly used to authenticate the PVC-device
against the server. Some PVC-devices do not support handling of
cookies, e.g. WAP phones or personal digital assistants. For these
devices the DAF (39) offers the functionality to support cookies.
Cookies will be generated as follows: The PVC-device initiates by
means of requests a communication via the DAF (if necessary) with
the SPAF (40) offering access to applications. The request
contains information for authentication of the PVC-device, e.g.
user ID and/or password.

A security plug-in or authentication servlet (35) authenticates the
PVC-device using a specific authentication mechanism, and if the
authentication succeeds the SPAF (40) creates a new session object
with an associated session ID (43). Then the SPAF (40) assembles the
security state for the already authenticated PVC-device, comprising
the result of the authentication and the authentication information
(or parts of it) contained in the request of the PVC-device, and puts
the security state (42) into the session object. SPAF (40) assigns a
sessionID to the PVC-device and returns a response with a cookie
containing the sessionID. The PVC-device or DAF receives the
response and stores the cookie. Each subsequent request sent
back by the PVC-device to the SPAF contains that cookie.

The PVC-device (34) sends a new request to the SPAF to access an
application function, e.g. to query confidential information. SPAF
gets the sessionID from the cookie contained in that request,
looks up the session object associated with that sessionID
and gets the security state contained in that session
object. Then, SPAF checks the security state contained in that
session object against the security policy (41). If the security
state (42) satisfies the security policy (41) the SPAF invokes
the requested application function and returns a response. The
PVC-device displays the response.
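The FIG. 2 policy check and the FIG. 3 session flow in code, as an added illustration that is not part of the patent: a security plug-in is selected from the request, its result becomes a security state stored in a session object behind a sessionID cookie, and SPAF compares that state with the policy before invoking an application function (functions missing from the policy are never invoked). The two plug-ins, the integer authentication/confidentiality levels, the policy table and all credentials are constructed for the example.

```python
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Security plug-ins (28; 35): each one implements a single authentication
# mechanism and returns the authentication level it establishes (0 = failed).
# Credentials and levels below are constructed for this example.
def password_plugin(req: dict) -> int:
    users = {"alice": "s3cret"}  # constructed credential store
    return 1 if users.get(req.get("user")) == req.get("password") else 0

def signature_plugin(req: dict) -> int:
    # Stand-in for real signature verification: accepts one constructed token.
    return 3 if req.get("signature") == "valid-sig-alice" else 0

PLUGINS: Dict[str, Callable[[dict], int]] = {
    "password": password_plugin, "signature": signature_plugin}

@dataclass
class SecurityState:        # (42): kept in the session object, not in the app
    auth_level: int         # result of the selected authentication mechanism
    confidentiality: int    # 1 if the request arrived over an encrypted channel
    user: str

# Security policy (30; 41): required (auth_level, confidentiality) per
# application function. Functions absent from the table are never invoked.
POLICY = {"public_info": (0, 0), "account_balance": (1, 1), "transfer_funds": (3, 1)}

# Access protected application functions (32; 44); they contain no security code.
APP_FUNCTIONS = {
    "public_info": lambda user: "opening hours: 9-17",
    "account_balance": lambda user: f"balance of {user}: 42",
    "transfer_funds": lambda user: f"transfer ordered by {user}",
}

def confidentiality_of(req: dict) -> int:
    return 1 if req.get("transport") == "https" else 0

def session_id_from_cookie(cookie: Optional[str]) -> Optional[str]:
    # Canonical requests carry the cookie "sessionID=<id>" issued by SPAF.
    if cookie and cookie.startswith("sessionID="):
        return cookie[len("sessionID="):]
    return None

class SPAF:
    def __init__(self) -> None:
        self.sessions: Dict[str, SecurityState] = {}  # sessionID (43) -> state

    def authenticate(self, req: dict) -> dict:
        # Select the plug-in from the request, run its mechanism, open a session.
        plugin = PLUGINS.get(req.get("mechanism", ""))
        if plugin is None:
            return {"status": 400, "error": "unknown authentication mechanism"}
        level = plugin(req)
        if level == 0:
            return {"status": 401, "error": "authentication failed"}
        sid = secrets.token_hex(16)  # unguessable session identifier (43)
        self.sessions[sid] = SecurityState(
            level, confidentiality_of(req), req.get("user", ""))
        return {"status": 200, "cookie": f"sessionID={sid}"}

    def invoke(self, req: dict) -> dict:
        # Steps 45-47: get the security state from the session, check it
        # against the policy, and only then call the application function.
        sid = session_id_from_cookie(req.get("cookie"))
        state = self.sessions.get(sid) if sid else None
        if state is None:  # no or unknown session: treat as unauthenticated
            state = SecurityState(0, confidentiality_of(req), "anonymous")
        fn = req.get("function", "")
        if fn not in POLICY or fn not in APP_FUNCTIONS:
            return {"status": 404, "error": "unknown application function"}
        need_auth, need_conf = POLICY[fn]
        if state.auth_level < need_auth or state.confidentiality < need_conf:
            return {"status": 403, "error": f"security state insufficient for {fn}"}
        return {"status": 200, "body": APP_FUNCTIONS[fn](state.user)}
```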

FIG. 4 provides a diagram showing the basic method steps of the
present invention.

The basic method comprises the steps of "get security state from
the session" (45), checking the received security state against
the security policy (46) and calling the requested application
function (47) if the security policy allows access to that
application function. The security state will preferably be
handled by security plug-ins as already explained above. Each
plug-in contains one authentication mechanism, e.g.
authentication by user ID/password, Challenge/Response, digital
signature. The plug-ins are independent from the application
function to be invoked.

The method steps for checking the received security state and
allowing access to the desired application function are laid
down in the Secure Pervasive Access Framework (SPAF). SPAF has
a common interface to the accessible application functions.



FIG. 5 provides the method steps of the Delivery Module for each
outgoing response.

The Delivery Module renders the information into content that
depends on the device type and desired reply content type. Which
content representation has to be used for a particular
request is determined by the device info contained in each
request (51, 52). For each content type, e.g. HTML, WML or VXML,
there are different kinds of Java Server Pages (JSPs) for content
rendering. JSPs can be used to generate arbitrary content by
using the appropriate JSP tag to define the desired content type
(53, 54).

FIG. 6 provides the basic functionality of the PVC-Proxy. As
already explained above the PVC-Proxy supports those
PVC-devices which do not support handling of cookies. The proxy
receives the cookies sent by the server and includes the cookie
in the requests of the appropriate PVC-device.
Furthermore, the PVC-Proxy converts the PVC-device specific
requests into canonical requests as far as it is required.
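The PVC-Proxy of FIG. 6 together with the content selection of FIG. 5, as an added illustration that is not part of the patent: the proxy turns a device request into a canonical request carrying device type and desired reply content type, keeps the server's session cookie on behalf of cookie-less devices (keyed per device connection, so one device's session is never sent with another device's request) and drops the session when the connection closes; the constructed server renders the same reply in the requested content type. Device types, content types, templates and the session id are made up for the example.

```python
from typing import Callable, Dict, Optional

# Device type -> desired reply content type in the canonical (HTTP) request.
REPLY_CONTENT_TYPE = {
    "web-browser": "text/html",
    "pda": "text/html",
    "wap-phone": "text/vnd.wap.wml",
    "voice": "application/voicexml+xml",
}
# Device types that cannot handle cookies themselves; the proxy keeps them.
COOKIE_LESS = {"pda", "wap-phone", "voice"}

class PVCProxy:
    """Converts device requests to canonical form and holds cookies for
    devices that cannot store them (constructed stand-in for the PVC-Proxy)."""

    def __init__(self, server: Callable[[dict], dict]) -> None:
        self.server = server
        self.cookie_jar: Dict[str, str] = {}  # keyed per device connection

    def handle(self, conn_id: str, device_type: str, path: str,
               params: Optional[dict] = None, device_cookie: Optional[str] = None) -> dict:
        if device_type not in REPLY_CONTENT_TYPE:
            raise ValueError(f"unsupported device type: {device_type}")
        # Look the cookie up by connection so one device's session never leaks
        # into another device's request.
        cookie = self.cookie_jar.get(conn_id) if device_type in COOKIE_LESS else device_cookie
        canonical = {"method": "GET", "path": path, "params": params or {},
                     "device_type": device_type,
                     "accept": REPLY_CONTENT_TYPE[device_type], "cookie": cookie}
        response = self.server(canonical)
        if "set_cookie" in response and device_type in COOKIE_LESS:
            self.cookie_jar[conn_id] = response["set_cookie"]
            response = {k: v for k, v in response.items() if k != "set_cookie"}
        return response

    def close(self, conn_id: str) -> None:
        self.cookie_jar.pop(conn_id, None)  # the session ends with the connection

# Constructed server: issues a session cookie on /login and requires it
# elsewhere; the delivery-module part renders the same data in the content
# type requested, standing in for the per-content-type JSPs.
TEMPLATES = {
    "text/html": "<p>{msg}</p>",
    "text/vnd.wap.wml": "<wml><card><p>{msg}</p></card></wml>",
    "application/voicexml+xml": "<vxml><block>{msg}</block></vxml>",
}

def demo_server(req: dict) -> dict:
    def render(msg: str) -> str:
        return TEMPLATES[req["accept"]].format(msg=msg)
    if req["path"] == "/login":
        return {"status": 200, "set_cookie": "sessionID=abc123",  # constructed id
                "body": render("logged in")}
    if req.get("cookie") != "sessionID=abc123":
        return {"status": 401, "body": render("please log in")}
    return {"status": 200, "body": render("balance: 42")}
```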
Claims

1. Security system for controlling access to application
functions (32; 44) located on a server or accessible
via a server, wherein clients (20; 34) communicate
with said server by means of requests for accessing
one of said application functions (32; 44) using a
wired, wireless or partly wireless network, wherein
access to said application functions is controlled by
security requirements, comprising:

an authentication component (27) functionally
separated from said clients (20; 34) and said
application functions (32; 44) for processing a client's
request independently of the client's type, containing
different authentication mechanisms (28) and selecting
and executing an authentication mechanism (28) based
on the information contained in the client's request
resulting in a security state (42);

a security component (29; 40) containing a security
policy (30; 41) describing security requirements
(security level) for accessing application functions,
comparing the security state (42) associated to a client
with the security level of the application function
and allowing access to the specified application
function if the security state fulfills the
requirements of the security level.

2. System according to claim 1, wherein said clients (20;
34) are PVC-devices.

3. System according to claim 1, wherein said
authentication component (27) and said security
component (29; 40) are integrated in one component
stored on a server.

4. System according to claim 1, whereby said
authentication component (27) consists of security
plug-ins (28) whereby each authentication mechanism is
laid down in a separate security plug-in.

5. System according to claim 4, whereby the
authentication mechanism (28) may be User ID/Password,
Challenge/Response or digital signature.

6. System according to claim 2, further comprising:

a component (ADL; 26; 39) for converting PVC-device
specific requests into canonical requests before said
request is used by said authentication component (27).

7. Method for controlling access to application functions
stored on a server or accessible via a server, wherein
clients communicate with said server by means of
requests for accessing one of said application
functions using a wired, wireless or partly wireless
network, whereby access to said application functions
is controlled by security requirements, comprising
the steps of:

routing all incoming requests created by said clients
(26; 34) to an authentication component (27) which is
functionally independent from said clients and said
application functions (32; 44), said authentication
component (27) performing the steps of:

authentication of said client by determining an
authentication mechanism provided by said
authentication component by means of authentication
information contained in said request and applying
said authentication mechanism;

storing the result of said authentication and said
authentication information or parts of it contained in
said request (security state);

using security requirements for the application function
to be accessed;

comparing the stored security state (42) with said
security requirements (41) for accessing the requested
application function;

invoking the requested application function if the security
state fulfills said security requirements.



8. Method according to claim 7 wherein said incoming
requests are canonical requests.

9. Method according to claim 8 wherein said canonical
requests are created by a Device Adaptation Layer (26;
39) which converts client specific requests into
canonical requests.

10. Method according to claim 7 comprising the further
steps of:

creating a session identifier (43) when establishing a
communication between a client and a server and using
said session identifier in all requests and responses
between said client and said server.

11. Method according to claim 10 whereby said session
identifier (43) and said security state (42) are laid
down in a cookie, whereby said cookie is inserted
into each request and response between client and
server.
12. Method according to claim 7 wherein said clients are
PVC-devices.

13. A computer program comprising computer program code
portions for performing the respective steps of the method
according to claims 7 to 12 when the program is
executed in a computer.

14. Computer program product stored on a computer-readable
medium containing software code for performing the
method according to one of the claims 7 to 12 if the
program product is executed on the computer.

15. Client-server system, wherein clients (20; 34)
communicate with said server by means of requests for
accessing application functions (32; 34) located on or
accessible via said server, wherein access to said
application functions is controlled by a security
system located on said server, wherein said security
system comprises:

an authentication component (27) functionally
separated from said clients and said application
functions for processing a client's request
independently of the client's type, containing different
authentication mechanisms (28) and selecting and
executing an authentication mechanism based on the
information contained in the client's request
resulting in a security state (42);

a security component (29; 40) containing a security
policy (30; 41) describing security requirements
(security level) for accessing application functions,
comparing the security state (42) associated to a client
with the security level of the application function
and allowing access to the specified application
Abstract

The present invention relates to a client-server system having a
security system for controlling access to application functions.
The security system, separated from the clients and the
application functions, routes all incoming requests created by
various PVC-devices to a centralized security system providing
an authentication component and a security component. The
authentication component provides several authentication
mechanisms which may be selected by information contained in the
client's request. The authentication mechanism may be changed or
extended without changing conditions on the client as well as on
the server or application side. The security component provides
a security policy describing security requirements for accessing
application functions which may be invoked by the security
component. If the selected authentication mechanism succeeds and
fulfills the security policy associated to that application
function then the application function will be invoked by the
security component (FIG. 3).